Security Analysis of SDN Cloud Applications

Abstract

Recently with the emergence of Software Defined Networking (SDN), cloud environments have gone through modifications as traditional data centers adopt SDN as a network management solution. As cloud networking platform provides great power to configure networks in cloud, there is also a downside that intruders and hackers may control the network functionality which may lead to more damage than in legacy networks. Even though cloud networking providers implement the most of the security standards, data storage and important files on external service providers may lead to risk. The ease in procuring and accessing cloud services can also give users the ability to scan, identify and exploit loopholes and vulnerabilities within a system. For instance, in a multi-tenant cloud architecture where multiple users are hosted on the same server, a hacker might try to break into the data of other users hosted and stored on the same server. However, such exploits and loopholes are not likely to surface and the likelihood of a compromise is not great. Understanding traffic flows will extract issues out and methods can be suggested dealing with it. Security concerns here are highly expanded attack that includes the control and data plane. Security challenges are unique to clouds that differ from SDN. In this paper, SDN cloud applications are compared and analysis of three applications such as Meridian, CloudNaaS and HPE Virtual Cloud Network are performed. Main factor for choosing the three applications are their market share and wide deployment. The architecture of these applications are explained and security analysis is done using a threat analysis tool called STRIDE. We suggest some mitigation techniques for the well known threats like spoofing , tampering of data, repudiation and also check if the application has in-built countermeasures against these threats.